LikeLikeAteMySword
New Around Here
It all started with LastPass.
LastPass had a security breach. That's not cool. All right, I'll move to Keeper, I get that for free - but I have to use my work email address, which means the browser plugin will sometimes replace username fields with my work email. I don't want website accounts attached to my work email. I mean really.
I started with KeePassXC, got a YubiKey, and got it working on my laptop, but I need to synchronize it on my other devices, especially my phone. I put the KeePassXC database on an SMB share, and mounted it on my laptop, etc., so I could always get to it... but then there's my Android phone and Android tablet. I wanted to start "de-googling" my life anyway, so Nextcloud seemed like a good option. Hey, I have this Unraid server over here, and they have a Nextcloud app, which even has two-factor authentication and a password manager. If I want to access my files from anywhere, I can use OpenVPN or something to log into my network, and get to Nextcloud (though that wouldn't work very well with the password manager - if I take a vacation and the power goes out, there goes my password manager). But Nextcloud wants to use TLS. Understandable. It turns out that Merlin has this feature for getting a TLS certificate via Let's Encrypt. Neato! How do I get that to my Nextcloud instance running on Unraid?
I can see three options so far.
1. "Push" the certificate on the router with private key to Unraid so my different apps can use them, including Nextcloud. It would probably involve a cron job from either Unraid or Merlin involving scp to put it in the right place.
2. "Pull" the certificate onto the Nextcloud docker-compose stack, or maybe a dedicated container running Let's Encrypt, then pull it back onto the router with a cron job running on the router, again involving scp.
3. Do something "Weird" like put the certificate in OpenLDAP running on the router. This has the additional advantage of giving me a central place to configure all of my users for all of my devices. Sounds like a fun little project.
Which would you suggest?